Intel has it issued a security alert that the control firmware on a number of recent PC, server, and Internet-of-things processor platforms is vulnerable to remote attack. Using vulnerabilities, the worst of which were uncovered by Mark Ermolov and Maxim Goryachy of Good Technologies Research, remote attackers could launch commands on a host of Intel-based computers, including laptops and desktops shipped with Intel Core processors since 2015. They can have access to privileged system information, and millions of computers can be seriously affected as a result of the virus. Most of the vulnerabilities require physical access to the targeted device, but one allows remote attacks with administrative access.
Buildings of Pipa a search tool on its support website for Windows and Linux to help identify vulnerable systems. In a security alert, members of Intel’s security team said that “in response to issues identified by external researchers, Intel has conducted a comprehensive security review of the Intel® Management Engine (ME), Intel® Trusted Execution Engine (TXE) , and Intel® Server Platform Services (SPS) with the goal of improving firmware integration.”
Four vulnerabilities were discovered affecting Intel Management Engine firmware versions 11.0 through 11.20. Two were found in earlier versions of ME, and two in Server Platform Services firmware version 4.0 and two in TXE version 3.0.
The bugs affect the following Intel CPUs:
- Intel Core processors from 6Th generation (“Skylake”), 7Th generation (“Kaby Lake”), & 8th generation (“Kaby Lake-R” and “Coffee Lake”) family-producers in most desktop and laptop computers since 2015;
- Multiple Xeon processor lines, including Xeon Processor E3-1200 v5 & v6 Product Family, Xeon Processor Scalable family, and Xeon Processor W family;
- Atom C3000 Processor family and Apollo Lake Atom Processor E3900 series for network devices and embedded devices and Internet of Things Platforms, and
- Apollo Lake Pentium and Celeron™ N and J series processors for mobile computing.
The highest level vulnerabilities, rated 8.2 and 7.5 on the Common Core Security Vulnerability Scale (CVSSv3) respectively, are found in the most recent versions of the Intel Controller. They have the broadest impact on PC users: they allow remote code execution and privileged access to information. Dell has made a statement on the MX concept that lists more than 100 affected systems, including various Inspiron, Latitude, AlienWare, and OptiPlex systems; Lenovo There is also a large list posted on your site.
The search tool is meant for companies to check widely, but the Windows version provides a graphical view for each Dell and Lenovo does not yet have patches available; Dell’s ship dates for the new firmware are to be determined, and Lenovo expects to have some of the new firmware available by November 23.
Update, November 22, 12:00 EST: HP, Dell, and other vendors have completed patches for their respective firmware, and are preparing them for distribution.